Fixed Bugs and Malfunctions

The compatibility function void HMAC_CTX_free in
crypto.c erroneously tried to return a value.

Own Id: OTP-14720

Improvements and New Features

Rewrite public and private key encode/decode with the EVP
API. New RSA padding options added. This is a modified
half of PR-838.

Own Id: OTP-14446

The crypto API is extended to use private/public keys
stored in an Engine for sign/verify or encrypt/decrypt
operations.

The ssl application provides an API to use this new
engine concept in TLS.

Own Id: OTP-14448

Add support to plug in alternative implementations
for some or all of the cryptographic operations supported
by the OpenSSL Engine API. When configured appropriately,
OpenSSL calls the engine's implementation of these
operations instead of its own.

Own Id: OTP-14567

Replaced a call of the OpenSSL deprecated function
DH_generate_parameters in crypto.c.

Improvements and New Features

* support for RSASSA-PSS padding for signatures and for
  saltlength setting
* X9.31 RSA padding.
* sha, sha224, sha256, sha384, and sha512 for dss signatures as
  mentioned in NIST SP 800-57 Part 1.
* ripemd160 to be used for rsa signatures.

This is a manual merge of half of the pull request 838 by
potatosalad from Sept 2015.
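
An added example (not taken from the OTP release notes or source) showing the RSASSA-PSS padding and salt length options together with the RSA key generation in crypto:generate_key/2 that is listed further down this page. The module name, function name and message are constructed for illustration, and it assumes a crypto version that has both features and accepts an options list in crypto:sign/5 and crypto:verify/6.

```erlang
-module(rsa_pss_example).
-export([demo/0]).

%% Generates an RSA key, signs with RSASSA-PSS and checks that
%% verification is bound to the message and to the padding scheme.
demo() ->
    %% Constructed sample input.
    Msg = <<"constructed sample message">>,

    %% 2048-bit modulus, public exponent 65537.
    %% Pub is [E, N]; Priv is [E, N, D | CRT parameters].
    {Pub, Priv} = crypto:generate_key(rsa, {2048, 65537}),

    %% PSS padding; a salt length of -1 means "same length as the digest".
    Pss = [{rsa_padding, rsa_pkcs1_pss_padding},
           {rsa_pss_saltlen, -1}],

    Sig = crypto:sign(rsa, sha256, Msg, Priv, Pss),

    %% Same message, same options: accepted.
    true = crypto:verify(rsa, sha256, Msg, Sig, Pub, Pss),

    %% Any change to the message: rejected.
    false = crypto:verify(rsa, sha256, <<Msg/binary, "!">>, Sig, Pub, Pss),

    %% A verifier configured for PKCS#1 v1.5 must not accept a PSS
    %% signature. Signer and verifier have to agree on the padding
    %% option, because the signature does not carry it.
    V15 = [{rsa_padding, rsa_pkcs1_padding}],
    false = crypto:verify(rsa, sha256, Msg, Sig, Pub, V15),
    ok.
```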

Improvements and New Features

Removed functions deprecated in crypto-3.0 first released
in OTP-R16B01

*** POTENTIAL INCOMPATIBILITY ***

Own Id: OTP-13873

The crypto application now supports OpenSSL 1.1.

Own Id: OTP-13900

Allow Erlang/OTP to use OpenSSL in FIPS-140 mode, in
order to satisfy specific security requirements (mostly
by different parts of the US federal government).

See the new crypto users guide "FIPS mode" chapter about
building and using the FIPS support which is disabled by
default.

(Thanks to dszoboszlay and legoscia)

Own Id: OTP-13921 Aux Id: PR-1180

Crypto chacha20-poly1305 as in RFC 7539 enabled for
OpenSSL >= 1.1.

Thanks to mururu.

Own Id: OTP-14092 Aux Id: PR-1291

RSA key generation added to crypto:generate_key/2.
Thanks to wiml.

An interface is also added to
public_key:generate_key/1.

Own Id: OTP-14140 Aux Id: ERL-165, PR-1299

Raised minimum requirement for OpenSSL version to
OpenSSL-0.9.8.c although we recommend a much higher
version, that is a version that is still maintained
officially by the OpenSSL project. Note that using such
an old version may restrict the crypto algorithms
supported.

*** POTENTIAL INCOMPATIBILITY ***

Own Id: OTP-14171

Deprecate crypto:rand_uniform/2 as it is not
cryptographically strong

Own Id: OTP-14274

The Crypto application now supports generation of
cryptographically strong random numbers (floats < 1.0
and integers in arbitrary ranges) as a plugin to the 'rand'
module.

Own Id: OTP-14317 Aux Id: PR-1372
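
An added example (not part of the OTP release notes) of moving code off the deprecated crypto:rand_uniform/2 and onto the crypto plugin for the rand module. The module and function names are hypothetical; it assumes a crypto version that provides crypto:rand_seed/0 and crypto:rand_seed_s/0.

```erlang
-module(strong_rand_example).
-export([uniform_range/2, uniform_float/0, install_for_process/0]).

%% Same contract as the deprecated crypto:rand_uniform(Lo, Hi):
%% returns an integer N with Lo =< N < Hi. The value comes from the
%% OpenSSL generator through the rand plugin, not from a seeded PRNG.
uniform_range(Lo, Hi) when is_integer(Lo), is_integer(Hi), Lo < Hi ->
    State = crypto:rand_seed_s(),
    try rand:uniform_s(Hi - Lo, State) of
        %% rand:uniform_s(N, State) yields 1 =< V =< N.
        {V, _NewState} -> {ok, Lo + V - 1}
    catch
        %% Raised when OpenSSL cannot supply secure randomness.
        %% Fail closed instead of falling back to a weak generator.
        error:low_entropy -> {error, low_entropy}
    end.

%% Cryptographically strong float F with 0.0 =< F < 1.0.
uniform_float() ->
    {F, _NewState} = rand:uniform_s(crypto:rand_seed_s()),
    F.

%% Alternative: install the crypto generator as the calling process's
%% default, so that plain rand:uniform/0,1 calls in that process
%% become cryptographically strong as well.
install_for_process() ->
    _ = crypto:rand_seed(),
    rand:uniform(1000000).
```

The plugin keeps no reproducible state, so code that relied on seeding rand for repeatable sequences cannot use this generator for that purpose.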

This replaces the hard coded test values for AES, CMAC
and GCM ciphers with the full validation set from NIST's
CAVP program.

Fixed Bugs and Malfunctions

The crypto application has been fixed to not use RC2
against OpenSSL built with RC2 disabled.

Own Id: OTP-13895 Aux Id: PR-1163

The crypto application has been fixed to not use RC4
against OpenSSL built with RC4 disabled.

Own Id: OTP-13896 Aux Id: PR-1169

Improvements and New Features

To ease troubleshooting, erlang:load_nif/2 now
includes the return value from a failed call to
load/reload/upgrade in the text part of the error tuple.
The crypto NIF makes use of this feature by
returning the source line where/if the initialization
fails.

Fixed Bugs and Malfunctions

Fix memory leaks and invalid deallocations in
mod_pow, mod_exp and
generate_key(srp,...) when bad arguments are
passed. (Thanks to Florian Zumbiehi)

Own Id: OTP-11550

Correction of the word 'ChipherText' throughout the
documentation (Thanks to Andrew Tunnell-Jones)

Own Id: OTP-11609

Fix fatal bug when using a hmac context variable in more
than one call to hmac_update or hmac_final.
The reuse of hmac contexts has never worked as the
underlying OpenSSL implementation does not support it. It
is now documented as having undefined behaviour, but it
does not crash or corrupt the VM anymore.

A new test utility for testing appup files is added to
test_server. This is now used by most applications in
OTP.

(Thanks to Tobias Schlager)

Own Id: OTP-11744

Improvements and New Features

By giving --enable-static-{nifs,drivers} to configure it
is now possible to statically link NIFs and drivers
to the main Erlang VM binary. At the moment only the asn1
and crypto NIFs of the Erlang/OTP NIFs and drivers have
been prepared to be statically linked. For more details
see the Installation Guide in the System documentation.

Own Id: OTP-11258

Add IGE mode for AES cipher in crypto (Thanks to Yura
Beznos).

Own Id: OTP-11522

Moved elliptic curve definition from the crypto
NIF/OpenSSL into Erlang code, adds the RFC-5639 brainpool
curves and makes TLS use them (RFC-7027).

Thanks to Andreas Schultz

Own Id: OTP-11578

Remove all obsolete application processes from crypto and
make it into a pure library application.

Fixed Bugs and Malfunctions

Remove unnecessary dependency to libssl from crypto NIF
library. This dependency was introduced by accident in
R14B04.

Own Id: OTP-10064

Improvements and New Features

Add crypto and public_key support for the hash functions
SHA224, SHA256, SHA384 and SHA512 and also hmac and
rsa_sign/verify support using these hash functions.
Thanks to Andreas Schultz for making a prototype.

Own Id: OTP-9908

Optimize RSA private key handling in crypto and
public_key.

Own Id: OTP-10065

Make crypto:aes_cfb_128_encrypt and
crypto:aes_cfb_128_decrypt handle data and cipher
with arbitrary length. (Thanks to Stefan Zegenhagen)

Improvements and New Features

public_key, ssl and crypto now support PKCS-8

Own Id: OTP-9312

Erlang/OTP can now be built using parallel make if you
limit the number of jobs, for instance using 'make
-j6' or 'make -j10'. 'make -j' does not
work at the moment because of some missing
dependencies.

Fixed Bugs and Malfunctions

Various small documentation fixes (Thanks to Bernard
Duggan)

Own Id: OTP-9172

Improvements and New Features

New crypto support for streaming of AES CTR and
HMAC. (Thanks to Travis Jensen)

Own Id: OTP-9275

Due to standard library DLL mismatches between versions
of OpenSSL and Erlang/OTP, OpenSSL is now linked
statically to the crypto driver on Windows. This fixes
problems starting crypto when running Erlang as a service
on all Windows versions.

Improvements and New Features

Cross compilation improvements and other build system
improvements.

Most notable:

Lots of cross
compilation improvements. The old cross compilation
support was more or less non-existent as well as broken.
Please note that the cross compilation support should
still be considered experimental. Also note that old
cross compilation configurations cannot be used without
modifications. For more information on cross compiling
Erlang/OTP see the $ERL_TOP/INSTALL-CROSS.md file.

Support for staged install using DESTDIR.
The old broken INSTALL_PREFIX has also been fixed.
For more information see the $ERL_TOP/INSTALL.md
file.

Documentation of the release
target of the top Makefile. For more information
see the $ERL_TOP/INSTALL.md file.

make install now by default creates relative
symbolic links instead of absolute ones. For more
information see the $ERL_TOP/INSTALL.md file.

$ERL_TOP/configure --help=recursive
now works and prints help for all applications with
configure scripts.

Doing make
install, or make release directly after
make all no longer triggers miscellaneous
rebuilds.

Existing bootstrap system is now
used when doing make install, or make
release without a preceding make all.

The crypto and ssl
applications use the same runtime library path when
dynamically linking against libssl.so and
libcrypto.so. The runtime library search path has
also been extended.

The configure
scripts of erl_interface and odbc now
search for thread libraries and thread library quirks the
same way as ERTS does.

The
configure script of the odbc application
now also looks for odbc libraries in lib64 and
lib/64 directories when building on a 64-bit
system.

The config.h.in file in the
erl_interface application is now automatically
generated instead of statically updated, which reduces
the risk of configure tests without any effect.

(Thanks to Henrik Riomar for suggestions and
testing)

(Thanks to Winston Smith for the AVR32-Linux cross
configuration and testing)

*** POTENTIAL INCOMPATIBILITY ***

Own Id: OTP-8323

The crypto module now supports Blowfish in ECB, CBC and
OFB modes. (Thanks to Paul Oliver.)

Own Id: OTP-8331

It is now possible to build the documentation in an open
source environment, after a number of bugs were fixed and
some features were added in the documentation build
process.

- The arity calculation is updated.

- The module prefix used in the function names for
BIFs is removed in the generated links so the links
will look like
"http://www.erlang.org/doc/man/erlang.html#append_element-2"
instead of
"http://www.erlang.org/doc/man/erlang.html#erlang:append_element-2".

- Enhanced the menu positioning in the html
documentation when a new page is loaded.

- A number of corrections in the generation of man
pages (thanks to Sergei Golovan)

- The legal notice is taken from the xml book file so
OTP's build process can be used for non OTP
applications.

Improvements and New Features

The previously undocumented and UNSUPPORTED ssh
application has been updated and documented. This release
of the ssh application is still considered to be a
beta release and (if necessary) there could still be
changes in its API before it reaches 1.0.

Also, more cryptographic algorithms have been added to
the crypto application.

Improvements and New Features

Corrected error handling. If the port to the driver that
crypto uses is unexpectedly closed (which should not
happen during normal operation of crypto), crypto will
terminate immediately (rather than crashing the next time
crypto is used). Also corrected build problems on Mac OS
X.

Fixed Bugs and Malfunctions

It was not possible in R9 to relink the crypto driver.
The object file was missing as well as an example
makefile. The crypto driver object file is now released
with the application (installed in priv/obj). An example
makefile has also been added to the priv/obj directory.
The makefile serves as an example of how to relink the
driver on Unix (crypto_drv.so) or Windows
(crypto_drv.dll).

Improvements and New Features

Previous versions of Crypto were delivered with
statically linked binaries based on SSLeay. That is no
longer the case. The current version of Crypto requires
dynamically linked OpenSSL libraries that the user has to
install. The library needed is libcrypto.so (Unix)
or libeay32.[lib|dll] (Win32). For further details
see the crypto(6) application manual page.

This version of Crypto uses the new DES interface of
OpenSSL 0.9.7, which is not backward compatible with
earlier versions of OpenSSL.

The functions des_ede3_cbc_encrypt/5 and
des_ede3_cbc_decrypt/5 have been renamed to
des3_cbc_encrypt/5 and des3_cbc_decrypt/5,
respectively. The old functions have been retained (they are
deprecated and not listed in the crypto(3) manual page).

Reported Fixed Bugs and Malfunctions

The start of crypto failed on Windows, due to erroneous addition
of a DES3 algorithm.

Reported Fixed Bugs and Malfunctions

To obtain backward compatibility with the old SSLeay
package, and with earlier versions of OpenSSL, the macro
OPENSSL_DES_LIBDES_COMPATIBILITY has been added to
crypto_drv.c. This is of importance only for the open
source version of Crypto.